macOS
brew install strongswanlocal Homebrew formula metadata
brew
VPN based on IPsec. Version 6.0.7 via Homebrew; verified 2026-06-08.
install
brew install strongswanlocal Homebrew formula metadata
sudo apk add py3-viciAlpine Linux edge package indexes · py3-vici · source: dl-cdn.alpinelinux.org
sudo apt install charon-cmdDebian stable package indexes · charon-cmd · source: deb.debian.org
sudo dnf install perl-viciFedora Rawhide package metadata · perl-vici · source: dl.fedoraproject.org
nix profile install nixpkgs#strongswannixpkgs package indexes · pkgs/by-name/st/strongswan/package.nix · source: api.github.com
sudo pacman -S strongswanArch Linux sync databases · strongswan · source: geo.mirror.pkgbuild.com
sudo zypper install strongswanopenSUSE Tumbleweed package metadata · strongswan · source: download.opensuse.org
overview
VPN based on IPsec
history
strongSwan is a long-running open source IPsec and IKE implementation used to build policy- and route-based VPNs. In package-manager culture it is a substantial security package: a suite of daemons, plugins, and command-line tools such as `ipsec`, `swanctl`, `pki`, and `charon-cmd` rather than a single small executable.
The official strongSwan history says the project launched in 2005 as a fork of the discontinued FreeS/WAN project, integrating the X.509 patch its authors had contributed since 2000. The project later replaced inherited FreeS/WAN code with a new modular IKE daemon written in a modern object-oriented C style.
strongSwan initially used the new daemon for IKEv2 while IKEv1 remained handled by an extended FreeS/WAN pluto daemon. Because IKEv2 adoption by other vendors was slower than expected, strongSwan added IKEv1 support to the new daemon in strongSwan 5.0 in 2012 and removed pluto and other legacy components.
The project documents more than 400,000 lines of code, more than 400 automated tests, and more than 110 contributors on its official about page. The input package facts show broad packaging across Homebrew, Debian and Ubuntu components, Fedora, Nix, pacman, APK, and zypper, reflecting its role as infrastructure software rather than a niche CLI.
Administrators use strongSwan to configure, control, and monitor IPsec/IKE VPNs. Official documentation describes `swanctl` as the command-line utility for configuring, controlling, and monitoring the IKE charon daemon through the vici interface, while the broader documentation covers configuration files, certificates, kernel integration, and platform-specific builds.
Package nerds care about strongSwan because it sits at the intersection of kernel networking, cryptography, service management, plugin selection, and distro policy. Packaging it correctly means handling default configuration paths, private-key directories, optional plugins, service startup, and compatibility across Linux, macOS, FreeBSD, Android, and other supported environments.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/strongswan.conf/etc/strongswan.d//etc/swanctl/swanctl.conf/etc/swanctl/conf.d/*.confCredential-bearing paths to review before unattended agent runs.
/etc/swanctl/private//etc/swanctl/rsa//etc/swanctl/ecdsa//etc/swanctl/pkcs8//etc/swanctl/pkcs12//etc/swanctl/swanctl.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
charon-cmd | cli | global executable | |
ipsec | cli | global executable | |
pki | cli | global executable | |
swanctl | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:strongswan |
|---|---|
| Version | 6.0.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/strongswan |
| Homepage | https://www.strongswan.org |
| Repository | https://github.com/strongswan/strongswan |
| Upstream docs | https://docs.strongswan.org/ |
| License | GPL-2.0-or-later |
| Source archive | https://download.strongswan.org/strongswan-6.0.7.tar.bz2 |
| Last updated | 2026-06-08T08:40:44Z |
| Pulse | updated |
| Dependencies | openssl@3 |
| Uses from macOS | curl |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
| Caveats | You will have to run both "ipsec" and "charon-cmd" with "sudo". |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | strongswan |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
charon-cmd 6.0.1-6+deb13u5
standalone IPsec client
sudo apt install charon-cmdcharon-systemd 6.0.1-6+deb13u5
strongSwan IPsec client, systemd support
sudo apt install charon-systemdlibcharon-extauth-plugins 6.0.1-6+deb13u5
strongSwan charon library (extended authentication plugins)
sudo apt install libcharon-extauth-pluginslibcharon-extra-plugins 6.0.1-6+deb13u5
strongSwan charon library (extra plugins)
sudo apt install libcharon-extra-pluginslibstrongswan 6.0.1-6+deb13u5
strongSwan utility and crypto library
sudo apt install libstrongswanlibstrongswan-extra-plugins 6.0.1-6+deb13u5
strongSwan utility and crypto library (extra plugins)
sudo apt install libstrongswan-extra-pluginslibstrongswan-standard-plugins 6.0.1-6+deb13u5
strongSwan utility and crypto library (standard plugins)
sudo apt install libstrongswan-standard-pluginsstrongswan 6.0.1-6+deb13u5
IPsec VPN solution metapackage
sudo apt install strongswanstrongswan-charon 6.0.1-6+deb13u5
strongSwan Internet Key Exchange daemon
sudo apt install strongswan-charonstrongswan-libcharon 6.0.1-6+deb13u5
strongSwan charon library
sudo apt install strongswan-libcharonstrongswan-nm 6.0.1-6+deb13u5
strongSwan plugin to interact with NetworkManager
sudo apt install strongswan-nmstrongswan-pki 6.0.1-6+deb13u5
strongSwan IPsec client, pki command
sudo apt install strongswan-pkistrongswan-starter 6.0.1-6+deb13u5
strongSwan daemon starter and configuration file parser
sudo apt install strongswan-starterstrongswan-swanctl 6.0.1-6+deb13u5
strongSwan IPsec client, swanctl command
sudo apt install strongswan-swanctlstrongswan
nix profile install nixpkgs#strongswancharon-cmd 5.9.13-2ubuntu4
standalone IPsec client
sudo apt install charon-cmdsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.